Free credit monitoring: It’s worth every penny

Some things never change. Like email.

Just today, one of my mailboxes received a dozen offers of bargains and deals. Like, seven new cancer treatments. The email stated, “Reuters nickeas, izzie chihuahua enver noisome Yankee nutshell fodderwing lynf ally meatball.” That sounded pretty enticing.

For years, the spam filters of the Internet service provider I use at home kept my in-box spam-free. But in the last few months, I’ve been flooded with spam. It’s flagged by the native email application on my Macs, but it gets through just the same. One day I didn’t spam, the next day I did. Hello, Verizon?

XTrands offered to increase my volume — I’m not sure what of — by 20 percent, by claiming, “Florenz nigel, grimy padee gleckler averring substitution carleen.” Fantastic!

Then came the offer coffee coupons. It told me, “Israeli lucren umpire cheree markovsky rtrail friendless sadie hira McCormick.”

When you open one of these spam messages, the gobbledegook goes away you get a nicely-done graphic just like any other ad.

Yes, the twin evils of phishing and spam seem to be going in opposite directions. The nonsense text method, originating in the 1990s, still works, apparently. That is, the random words ensure the emails get past ISPs’ spam filters. Bloomberg last month reported that spam remains a large enterprise, accounting for 86 percent of the world’s email traffic, or 400 billion messages a day. It works on the old fashioned principle of brute force. If one-tenth of 1 percent of recipients click on something, spammers declare success.

With spam, you might be annoyed, but at least you’re in control.

Phishing, on the other hand, is a growing threat because of its ever-improving sophistication. One longs for the quaint Nigerian banker. As computer crime has become organized crime, stolen IDs have taken on cash value. They have multiple uses.  Ironically, the identity thieves often don’t care about you. They just want a valid date of birth, address and Social Security number. They use this information to spoof identities to apply for and get government benefits and tax refunds using carefully constructed returns. My interview with Bob Dittmer of Indiana’s revenue department shows how this can balloon into a big and expensive problem.

IDs are useful to constructing socially engineered emails that fool even sophisticated users. Think about all you know about your boss. If you could spoof his or her email account, think of all the mischief you could do in 2 minutes.

The IRS reports fast growth in the use of phishing, with criminals sending convincing emails that appear to come from the IRS and asking for personal information. The agency says it’s up 400 percent this year.

What about OPM had its Great Data Breach? This case is an outlier. Detectives have dived deep into the submerged regions of the Internet but haven’t been able to find it for sale. That means the likely motivation — by the likely offender, China — is long-term espionage.

Which is why offering free credit monitoring for one or three years is merely an autonomic and useless gesture. Even when the motivation for ID theft is to establish credit, it’s useless. Frank Abagnale, the famous fraudster-turned-cybersecurity and fraud crusader, said thieves typically hold onto stolen data for several years before selling it in blocks. In fact, the fastest-growing area of ID theft, he said, is that of children, even infants. It will be years before young people even think about establishing credit.

More commentary from Tom Temin

Comments